2026-04-08_4d945286195e1ed239d22906c9fb004b_elex_wannacry

HOSTILE

Mal-ecule

Size 91.3 KB download

First seen 56 days ago

Analyzed 54 days ago

Ecosystem vxunderground-inthewild

Well-known

malware/trojan/elex Storm DDoS Active Setup loader

evasion/self-delete COMSPEC CreateProcess self-delete

persistence/login/startup Active Setup StubPath persistence

persistence/system/service Persists DLL through Windows service

anti-static/obfuscation Unusual PE section alignment

data/embedded Complete PE resource extraction with data access

fs/file Copy files (Windows API ANSI)

os/registry Registry open create and write APIs

os/service Windows service admin import cluster

process/inject CreateRemoteThread API reference

binary Overlay exceeds one-third

unsigned Binary is not digitally signed

dylib::advapi32 links ADVAPI32.dll (CloseServiceHandle, RegOpenKeyExA, RegQueryValueExA, StartServiceCtrlDispatcherA, RegCreateKeyA, ... +10 more)

dylib::comdlg32 links comdlg32.dll (GetFileTitleA)

dylib::kernel32 links KERNEL32.dll (lstrcatA, lstrcpyA, GetEnvironmentVariableA, GetShortPathNameA, GetModuleFileNameA, ... +28 more)

dylib::mfc42 links MFC42.DLL (ORDINAL 924, ORDINAL 800, ORDINAL 941, ORDINAL 535, ORDINAL 537)

dylib::msvcp60 links MSVCP60.dll (??0_Winit@std@@QAE@XZ, ??1_Winit@std@@QAE@XZ, ??1Init@ios_base@std@@QAE@XZ, ??0Init@ios_base@std@@QAE@XZ)

hardening::no-pie Binary is not position-independent (fixed load address)

signed::unsigned Binary is not digitally signed

SigBase/SUSP/Imphash Detects imphash often found in malware samples (Zero hits with with search for 'imphash:x p:0' on Virustotal)

20 of 56 traits shown

SHA-256	192f65e31b583b4b6851d8644fd70d58efc4c253be7e53dcff63e46d5a5dbea8
Filename	2026-04-08_4d945286195e1ed239d22906c9fb004b_elex_wannacry

Not seeing what you expected? Let us know